During EE Times’ interview with Michael Barr, CTO and co-founder of the Barr Group, who was an expert witness during the trial, he discussed the death of “Task X,” which he believes ultimately caused “loss of throttle control” and also “a disablement of a number of the fail-safes.”

So what is Task X? What tasks is Task X supposed to perform?

Barr said he’s not allowed to talk about specifics on Task X. However, the trial transcript offers ample clues about what it does.

Kitchen sink
EE Times went back to the transcripts of Bookout v. Toyota Motor and found the following:

On the witness stand, Barr described Task X as a “kitchen-sink” function because of the extensive list of chores it’s designed to perform within an automobile’s electronic system.

In the context of the trial, he explained that Task X helps manage throttle control. “It selects the next throttle percentage, whether it should be 100 percent, 50 percent, 20 percent,” he testified. “And it does that based on looking at the accelerator pedal position, whether the cruise [control] is on.”

Further, Task X executes the cruise-control code. This makes it responsible for turning cruise control on, maintaining speed while it is engaged, and turning it off.

More importantly, Task X “also is responsible for many of the fail-safes on the main CPU,” Barr said during the trial.
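The failure mode Barr describes, one task hung while the task feeding the engine keeps running, comes down to where the liveness check lives: a fail-safe that runs inside the task it is supposed to guard dies with that task. The C simulation below is an added example, not code from the article or from Toyota or Denso; the task names, the three-tick heartbeat deadline and the driver scenario are assumptions. It runs the same hang twice, once with nothing independent watching the throttle task and once with a separate supervisor that latches a safe state when the task's heartbeat stops moving.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration with hypothetical names; not Toyota or Denso code. */
enum { TASK_THROTTLE = 0, TASK_ENGINE = 1, N_TASKS = 2 };
#define HEARTBEAT_DEADLINE_TICKS 3   /* assumed: a task must run at least every 3 ticks */

typedef struct {
    uint32_t tick;
    uint32_t heartbeat[N_TASKS];      /* incremented by a task each time it runs */
    uint32_t last_seen[N_TASKS];      /* supervisor's copy of heartbeat */
    uint32_t last_beat_tick[N_TASKS]; /* tick at which the supervisor last saw it move */
    bool     task_runnable[N_TASKS];  /* fault injection: false = task hung */
    int      pedal_pct;               /* driver input, 0..100 */
    int      throttle_cmd_pct;        /* written only by the throttle task */
    int      engine_output_pct;       /* what the engine task actually applies */
    bool     safe_state;              /* latched by the supervisor */
    uint32_t safe_state_tick;         /* 0 = never entered */
} ecu_t;

/* Stand-in for the "kitchen-sink" task: reads the pedal, selects the throttle.
   Cruise control and fail-safes are omitted; the point is that the throttle
   command is only refreshed while this task is alive. */
static void throttle_task(ecu_t *e)
{
    e->throttle_cmd_pct = e->pedal_pct;
    e->heartbeat[TASK_THROTTLE]++;
}

/* Stand-in for the task feeding air, fuel and spark: it consumes whatever
   throttle command is in memory, whether or not it is fresh. */
static void engine_task(ecu_t *e)
{
    e->engine_output_pct = e->safe_state ? 0 : e->throttle_cmd_pct;
    e->heartbeat[TASK_ENGINE]++;
}

/* Independent liveness supervisor. It must not live inside a task it guards,
   otherwise it hangs with that task. Latches safe_state on a missed deadline. */
static void supervisor(ecu_t *e)
{
    for (int i = 0; i < N_TASKS; i++) {
        if (e->heartbeat[i] != e->last_seen[i]) {
            e->last_seen[i] = e->heartbeat[i];
            e->last_beat_tick[i] = e->tick;
        } else if (e->tick - e->last_beat_tick[i] >= HEARTBEAT_DEADLINE_TICKS
                   && !e->safe_state) {
            e->safe_state = true;
            e->safe_state_tick = e->tick;
        }
    }
}

static void scheduler_tick(ecu_t *e, bool independent_supervisor)
{
    e->tick++;
    if (e->task_runnable[TASK_THROTTLE]) throttle_task(e);
    if (e->task_runnable[TASK_ENGINE])   engine_task(e);
    /* Without an independent supervisor nothing checks liveness: this stands
       in for a fail-safe that lives inside the throttle task and hangs with it. */
    if (independent_supervisor) supervisor(e);
}

/* Driver holds the pedal at pedal_pct; at tick hang_at (0 = never) the
   throttle task hangs and the driver lifts off. Returns the final ECU state. */
ecu_t simulate(int pedal_pct, uint32_t ticks, uint32_t hang_at,
               bool independent_supervisor)
{
    ecu_t e = {0};
    e.pedal_pct = pedal_pct;
    e.task_runnable[TASK_THROTTLE] = true;
    e.task_runnable[TASK_ENGINE]   = true;
    for (uint32_t t = 1; t <= ticks; t++) {
        if (hang_at != 0 && t == hang_at) {
            e.task_runnable[TASK_THROTTLE] = false;
            e.pedal_pct = 0;   /* driver lifts off, but nobody is listening */
        }
        scheduler_tick(&e, independent_supervisor);
    }
    return e;
}

int main(void)
{
    ecu_t stuck = simulate(60, 10, 5, false);
    ecu_t saved = simulate(60, 10, 5, true);
    printf("no supervisor:   engine held at %d%% after the driver lifted off\n",
           stuck.engine_output_pct);
    printf("with supervisor: engine at %d%%, safe state entered at tick %u\n",
           saved.engine_output_pct, saved.safe_state_tick);
    return 0;
}
```

In the first run the stale 60 percent command is consumed by the engine task indefinitely after the throttle task stops; in the second, the supervisor sees the heartbeat stop moving and forces the engine to zero within the deadline. In a production ECU the supervisor role belongs to a hardware watchdog or an independent monitor processor, and it only helps if the guarded task itself is what kicks it: servicing the watchdog from a timer interrupt that keeps firing while the task is hung defeats the check.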

Excerpts of the court transcript
EE Times is publishing a portion of the court transcript relevant to Task X. The following Q&A was carried out when Benjamin E. Baker, Jr., representing the plaintiffs, called expert witness Barr to the stand:

A [Barr] So the ultimate conclusion from the presence of these defects is that the software could malfunction. And the most dangerous such malfunction would be if the car had a portion of its software that was working, and that part was running the combustion feeding air and fuel and spark to the engine at the same time that the part that the driver was interacting with through the accelerator pedal or the cruise control switches was not listening to the driver because it crashed or hung, like one application might crash on your desktop while another one is still running.

Q [Baker] And are the defects that you're describing here that can cause an unintended acceleration, can that occur when the cruise control is on?

A Yes.

Q Can it occur when the cruise control is off?

A Yes.

Q And it is the same software defects that would relate to both?

A Yes.

Q Let's go to the next slide. You're talking about the software malfunctions here?

Absolutely, @sixscrews! Dr. Antony Anderson's paper seems to address the NHTSA's faulty argument quite well. We, the general public and Toyota owners in particular, should not be subjected to any known risk. The public needs to have access to all the information.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6777269

This is not the same as the ABS system. ABS systems are designed to keep the wheels rolling because the coefficient of static friction is higher than that of sliding friction, and rolling front wheels can be steered while rolling back wheels will maintain control and follow the front wheels. ABS systems do not release the brakes to the point stopping distances are increased.

Unless you have some evidence that the ABS systems were compromised/defective such that the brakes would have been substantially released when the drivers claimed they had the brake pedals floored, it is irresponsible to fail to mention that the brakes will stop the car regardless of whether the engine is at full throttle.

It is also irresponsible to fail to mention details of all the other "sudden acceleration" cases that have been investigated over the years and found to be driver error. There have been hundreds and perhaps thousands of other drivers in all makes and models of cars who swore their foot was on the brake, meanwhile all the evidence showed their foot was on the gas.

Actually, a floored brake pedal, as claimed in this case, will override the engine completely no matter what tasks A, B, C, ... X, Y, and Z are telling the engine to do. The engine can wail away at full throttle, perhaps burning out the transmission, but the brakes will stop the car!

But I guess a decision was made that the story is much more interesting with a rogue "Task X" lurking in the engine control software.

The code was not reviewed? Although it sounds funny, the implications were huge ... As a newbie in the embedded field, "the bit flip that killed" tells me never to be complacent and to make sure the code is peer reviewed before release.

This "flip-bit" situation reminds me of an AT&T problem several years ago. Their long-distance phone system went down entirely. The controlling software had been running without problem for many years. Upon examination, it was determined that one line of code that had never been executed in the previous years was finally executed because all the parameters leading to its execution were met for the first time. That one line of the source code was missing a semicolon at the end of the line of code! That's all it took to bring the entire system to its knees.

...Perhaps we did not realize this or were unwilling to face up to it, either as a community of responsible engineers or as a nation that relies on a government agency as the last defense against disaster.

In many ways, the public has not realized the extent of software defects Toyota introduced in the electronic throttle system. Much of the discovery by the experts' group had never been made public until the Oklahoma trial.

Recently Boeing was forced to ground an entire generation of new aircraft due to a battery control problem. Why doesn't the NHTSA have the authority to take faulty cars off the road?

A very good question.

As Michael Barr pointed out:

NHTSA needs to get Toyota to make its existing cars safe and also needs to step up on software regulation and oversight. For example, FAA and FDA both have guidelines for safety-critical software design (e.g., DO-178) within the systems they oversee. NHTSA has nothing.

@MS243, we wish. Denso's CPU was examined by experts. But all we are working with here is trial transcript; none of the reports or slides supplied by witnesses during the trial is publicly available at this point.

Exactly - as I said before, there are millions of vehicles on the road with this defective software. The loss of control condition is not occurring very often or we would be seeing a lot of Camrys in the ditch or being hauled to the scrapyard.

Still, it CAN happen - 'under what conditions?' is, perhaps, a question that cannot be answered. And maybe that points to the core of the issue - the software that controls safety-critical systems must be deterministic, that is, it must do action Z in case Y in time t +/- tx where tx << t. Clearly the Toyota engine control software does not conform to this requirement. Why are we, as a society, letting Toyota off the hook here? Because it doesn't happen very often? I would suggest that it has happened more often than the published data imply - has every single vehicle/single driver fatal accident involving a Toyota been thoroughly investigated? Or are many of these written off as 'driver lost control of vehicle?' We are dealing with lucky survivors' tales here rather than unequivocal data - and burying victims of a massive fraud.

It seems to me that Mr. Barr's work represents that unequivocal data - this CAN happen and, as engineers, we all know that what CAN happen WILL happen sooner or later.